Open in app

Sign in

Write

Sign in

Admin has the power cybertalents challenge solving writeup

Lime1O1
3 min readDec 23, 2021

--

info

https://cybertalents.com/challenges/web/admin-has-the-power

challenges from cybertalents so lets get started first thing first you need

to know some basic or deep knowledge about:

python , networking , cryptography , php …

Don’t panic I will explain anything in details in the coming posts Lets start

with the challenge called“Admin has the power”.

The first thing we have as we see is the login page which is very interesting ….

It is possible that he is infected with a sql vulnerability

I will try this if there is a sql vulnerability :

admin ‘or’=’

I tried as usual some magic sql queries like “or “x”=”x’) or (‘x’=’x’)

to bypass the login form but it didn’t work so here we should think inside

As we can see, it does not work ( useless ) .

So we’ll read the source code, maybe we’ll find something that helps,…..

Here is a developer who forgot his credentials in the comments for the source code ….

<!-- TODO: remove this line ,  for maintenance purpose use this info (user:support password:x34245323)-->

This is considered misconfiguration vulnerability ..

OK , Let’s login

as you can see we logged in as a support privilege , But that’s not the Sesame

We managed to log in, but we have a problem,

It tells us that we have support privileges

He tells us we need stronger privileges

may be you need better privilages !!

So we will try to read the source code, it may help us to get stronger privilege (Admin) ….

Unfortunately, to no avail. There is nothing useful for us in the source code …

Let’s run the burp, maybe he’s playing with something in the request …

So we resend the request and read it from the burp. May we find something useful ….

Well, there is something very interesting ….

Cookie: PHPSESSID=heenfj5f2d0scnicoggp04rb62; role=support

Well, let’s try changing the value of the role from support to admin. Maybe this helps us. It might work and we get admin permissions.

It will be like this …

Cookie: PHPSESSID=heenfj5f2d0scnicoggp04rb62; role=admin

Here we are admin …..

We have successfully solved this challenge ..

( Admin has the power )

As you can see we’ve captured the secret flag

Photo by Matt Botsford on Unsplash

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

Ctf
Cybertalents
Web
Security
Challenge

--

--

Lime1O1
Lime1O1

Written by Lime1O1

6 Followers
5 Following

No responses yet

Write a response

What are your thoughts?

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams